Sign-up

VARIoT news about IoT security

Lights Out: How One Tiny Message Can Crash Your Shelly Pro 4PM and Lock You Out of Your Smart Home

Trust: 6.25

Fetched: Nov. 19, 2025, 9:13 a.m., Published: Nov. 19, 2025, 4 p.m.
 Vulnerabilities: code execution, authentication vulnerability
Affected productsExternal IDs
vendor: dram model: dram
db: NVD ids: CVE-2025-11243

CVE-2025-56009 | Armis Vulnerability Intelligence Database

Trust: 5.0

Fetched: Nov. 19, 2025, 9:12 a.m., Published: Oct. 23, 2025, 3:15 p.m.
 Vulnerabilities: request forgery, cross-site request forgery
Affected productsExternal IDs
db: NVD ids: CVE-2025-56009

CVE-2025-64446 FortiWeb Zero-Day Exploited | TenableĀ®

Trust: 3.0

Fetched: Nov. 19, 2025, 9:12 a.m., Published: Nov. 14, 2025, 5:45 p.m.
 Vulnerabilities: path traversal
Affected productsExternal IDs
db: NVD ids: CVE-2025-64446

Access Denied

Trust: 3.0

Fetched: Nov. 18, 2025, 9:47 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
vendor: samsung model: samsung
vendor: samsung model: galaxy

Critical RCE Flaws Found Across Major AI Inference Servers | Oligo Security

Trust: 3.75

Fetched: Nov. 18, 2025, 9:47 a.m., Published: Nov. 13, 2025, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2025-60455, CVE-2025-23254, CVE-2024-50050, CVE-2025-30165

Synology BeeStation 0-Day Vulnerability Let Remote Attackers Execute Arbitrary Code

Trust: 4.75

Fetched: Nov. 18, 2025, 9:46 a.m., Published: Nov. 11, 2025, 2:20 p.m.
 Vulnerabilities: code execution, buffer overflow
Affected productsExternal IDs
db: NVD ids: CVE-2025-12686

"Patched" but still exposed: US federal agencies must remediate Cisco flaws (again) - Help Net Security

Trust: 4.5

Fetched: Nov. 18, 2025, 9:46 a.m., Published: Nov. 13, 2025, 2:08 p.m.
 Vulnerabilities: code execution, privilege escalation
Affected productsExternal IDs
vendor: cisco model: firepower
vendor: watchguard model: firebox
db: NVD ids: CVE-2025-12480, CVE-2025-9242, CVE-2025-62215, CVE-2025-20362, CVE-2025-20333

Security Vulnerabilities on RG-EW Series Devices

Trust: 4.25

Fetched: Nov. 18, 2025, 9:45 a.m., Published: Nov. 2, 2025, midnight
 Vulnerabilities: command injection
Affected productsExternal IDs
db: NVD ids: CVE-2025-11073

Landfall's Silent Assault: Unmasking the Middle East Spyware Threat to Smartphones

Trust: 3.75

Fetched: Nov. 18, 2025, 9:45 a.m., Published: Nov. 13, 2025, 12:40 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: trend model: antivirus
vendor: trend model: security
vendor: palo alto networks model: networks
vendor: samsung model: samsung galaxy
vendor: samsung model: mobile
vendor: samsung model: samsung
vendor: samsung model: galaxy
vendor: palo model: networks

Android Photo Frame App Infects Devices With Malware, Allows Full Remote Takeover

Trust: 3.5

Fetched: Nov. 18, 2025, 9:44 a.m., Published: Nov. 14, 2025, 8:01 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: google model: android
vendor: google model: home

CISA Warns of Samsung Mobile Devices 0-Day RCE Vulnerability Exploited in Attacks

Trust: 5.5

Fetched: Nov. 18, 2025, 9:44 a.m., Published: Nov. 11, 2025, 6:07 a.m.
 Vulnerabilities: code execution, memory corruption
Affected productsExternal IDs
vendor: samsung model: mobile devices
vendor: samsung model: samsung
vendor: samsung model: mobile
vendor: samsung model: samsung mobile
db: NVD ids: CVE-2025-21043, CVE-2025-21042

Top 20 VAPT Testing Tools For 2025 : A Complete Guide

Trust: 3.5

Fetched: Nov. 18, 2025, 9:43 a.m., Published: Oct. 17, 2024, 12:58 p.m.
 Vulnerabilities: sql injection
Affected productsExternal IDs
vendor: wireshark model: wireshark
vendor: google model: android

CVE-2025-43418 - Apple iOS Locked Device Information Disclosure Vulnerability

Trust: 6.0

Fetched: Nov. 18, 2025, 9:42 a.m., Published: Nov. 5, 2025, 7:15 p.m.
 Vulnerabilities: information disclosure
Affected productsExternal IDs
vendor: apple model: iphone_os
db: NVD ids: CVE-2025-43418

Zyxel security advisory for uncontrolled resource consumption and command injection vulnerabilities in certain 4G LTE/5G NR CPE, DSL/Ethernet CPE, Fiber ONTs, Security Routers, and Wireless Extenders | Zyxel Networks

Trust: 3.0

Fetched: Nov. 18, 2025, 9:41 a.m., Published: Nov. 7, 2025, midnight
 Vulnerabilities: command injection
Affected productsExternal IDs

RondoDox Exploits Unpatched XWiki Servers to Pull More Devices Into Its Botnet

Trust: 4.75

Fetched: Nov. 18, 2025, 9:41 a.m., Published: Nov. 15, 2025, 4:35 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2025-24893

FortiWeb Auth Bypass Vuln Exploited: Script to Detect Vuln Appliances - InfoSecBulletin

Trust: 3.25

Fetched: Nov. 18, 2025, 9:40 a.m., Published: Nov. 14, 2025, 4:29 a.m.
 Vulnerabilities: authentication bypass, path traversal
Affected productsExternal IDs
vendor: palo alto networks model: pan-os
vendor: palo alto networks model: firewall
vendor: palo alto networks model: networks
vendor: palo model: pan-os
vendor: palo model: firewall
vendor: palo model: networks

CVE-2025-52578 - Schneider Electric Command Centre Server Predictable Random Number Generation Vulnerability

Trust: 3.0

Fetched: Nov. 18, 2025, 9:40 a.m., Published: Nov. 18, 2025, 4:15 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-52578

Security Report: Fixing High-Severity DNS Amplification Vulnerability on MikroTik RouterOS - Tech Junction

Trust: 3.0

Fetched: Nov. 18, 2025, 9:38 a.m., Published: Nov. 17, 2025, 6:27 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: mikrotik model: routeros
vendor: mikrotik model: mikrotik

Cisco Firewall, Unified CCX, and ISE Vulnerability Summary (Nov 2025) - Security Boulevard

Trust: 3.25

Fetched: Nov. 18, 2025, 9:35 a.m., Published: Nov. 17, 2025, 8:01 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: unified ccx

Cisco Catalyst Center Virtual Appliance Privilege Escalation Vulnerability - Cisco

Trust: 5.25

Fetched: Nov. 18, 2025, 9:34 a.m., Published: Nov. 13, 2025, 10:51 a.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: cisco model: catalyst